Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-1975

Argo CD RBAC supports regex matches

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Done
    • Icon: Normal Normal
    • 1.7.0
    • None
    • Operator
    • None
    • 5
    • False
    • None
    • False
    • Hide
      Adds support to allow users to choose RBAC policy matcher mode. There are currently two options glob and regex. Glob is the default.

      ``` yaml
      apiVersion: argoproj.io/v1alpha1
      kind: ArgoCD
      metadata:
        name: example-argocd
        labels:
          example: rbac
      spec:
        rbac:
          defaultPolicy: 'role:readonly'
          policyMatcherMode: 'glob'
          policy: |
            g, system:cluster-admins, role:admin
          scopes: '[groups]'
      ```
      Show
      Adds support to allow users to choose RBAC policy matcher mode. There are currently two options glob and regex. Glob is the default. ``` yaml apiVersion: argoproj.io/v1alpha1 kind: ArgoCD metadata:   name: example-argocd   labels:     example: rbac spec:   rbac:     defaultPolicy: 'role:readonly'     policyMatcherMode: 'glob'     policy: |       g, system:cluster-admins, role:admin     scopes: '[groups]' ```
    • GITOPS Sprint 223

      As an Argo CD Admin/User I would like to be provided with an option to choose matchMode, which configures the matchers function for casbin. . Default mode is globMatch. Anyone who want to use regex mode needs to set "match.mode" in argocd-rbac-cm.  ****

      https://github.com/argoproj/argo-cd/pull/7165

      Example:
      policy.matchMode: 'regex'

      Acceptance Criteria:

      • Verify if a user can configure matchMode.
      • Add tests to validate the behavior

       

            aveerama@redhat.com Abhishek Veeramalla
            aveerama@redhat.com Abhishek Veeramalla
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: